PIPEDA Privacy Management Framework

    Overview

    Draft and validate the Privacy Management Framework documentation for compliance with Canada’s PIPEDA and the ten CSA Model Code principles. Covers privacy governance, PIA, breach reporting, and cross-border transfer documentation.

    Example Conversation

    You: We need our PIPEDA Privacy Management Framework documented: accountability, the ten CSA principles, breach reporting (real risk of significant harm), and cross-border transfers. Can you draft and run the checker?

    Agent: I’ll draft the framework covering accountability (privacy officer), identifying purposes, consent, limiting collection/use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance. I’ll add breach reporting threshold and timeline, and cross-border transfer safeguards, then run pipeda_principles_checker.

    Agent: Created pipeda-framework.md. Running pipeda_principles_checker.

    Agent: Check PASS — the document addresses the CSA principles, breach reporting, privacy officer designation, and cross-border safeguards. Ready for OPC alignment review.

    What the Tools Validate

    pipeda_principles_checker checks the Privacy Management Framework for:

    • Ten CSA principles — Accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, challenging compliance.
    • Breach reporting — Real risk of significant harm threshold and reporting timeline (PIPEDA/OPC).
    • Privacy officer — Designated and contactable (accountability).
    • Cross-border transfer safeguards — Documentation of safeguards for transfers outside Canada.

    Output: PASS if all are present; otherwise FAIL with a short line per missing element. Run on the draft before finalizing; fix gaps and re-run until the check passes.

    Output Excerpt

    Excerpt from a generated PIPEDA framework and sample checker report.

    Framework (excerpt):

    ## Accountability
    
    Our organization designates a Privacy Officer responsible for PIPEDA compliance: [name], [contact]. Governance structure: [description].
    
    ## CSA Model Code — Ten Principles
    
    1. **Identifying purposes** — We collect personal information for [purposes].
    2. **Consent** — We obtain express/implied/opt-out consent as appropriate per activity.
    3. **Limiting collection, use, disclosure, retention** — [Data inventory and lifecycle].
    4. **Accuracy, safeguards, openness, individual access, challenging compliance** — [Policies and procedures].
    
    ## Breach Reporting
    
    Where there is a real risk of significant harm, we notify the OPC and affected individuals per PIPEDA requirements. Timeline: [X days]. Threshold and process: [description].
    
    ## Cross-Border Transfers
    
    Transfers of personal information outside Canada are governed by [safeguards: contracts, adequacy, etc.]. We document transfer mechanisms and ensure equivalent protection where required.
    

    pipeda_principles_checker report (excerpt):

    === PIPEDA PRINCIPLES CHECK (CSA) ===
    Result: PASS
    
    Document: pipeda-framework.md
    CSA principles addressed (8 principle-related references found).
    Breach reporting (real risk of significant harm, timeline) documented.
    Privacy officer designated and contactable.
    Cross-border transfer safeguards documented.
    PIPEDA Privacy Management Framework meets CSA expectations.
    

    Getting Started

    Add your source materials to the project workspace (data inventory, consent matrix, breach procedure), then activate the PIPEDA Privacy Management Framework skill. The agent will guide you through drafting and validating with pipeda_principles_checker.
